Ability to inspect attachments and quarantine on keywords in document body, properties, or headers & footers

Ideally a Virtual Appliance vs. a physical box

Needs to be something with commercial levels of support - I know I can roll my own but it isn't an option

I don't really want to get into a debate about the merits of onsite vs. hosted - there are reasons we'd favour onsite but I'm absolutely not ruling out a hosted service if I felt we would have enough visibility of things such as logs.

The biggest issue with hosted is our comfort factor about the documents we're inspecting and quarantining being stored on a third parties servers.

Thanks, I've seen MailMarshall before but ruled it out as it looks like it sits on top of Windows - I'm looking for something self-contained, nice web GUI etc.

As for FSL, I used to run MailScanner + Postfix back when FSL released that product - seems a nice "wrapper" to it all, but I don't think it gives the granularity we need i.e. "If it's from Tom to Dick and contains a Word document with "Confidential" in the header or footer, quarantine it and send a copy to Harry".

The Clearswift box does the job quite nicely tbh, but I never like to blindly hit renew.

I use a Fortimail 100c, and it covers all of your bases pretty well. We currently use it for spam filtering and email encryption.

It can be run as a physical or virtual appliance, and has three modes of operation; transparent, gateway, or server.

Currently I have it set up in my DMZ running as a gateway. Exchange is using it as a smart host.

It stacks up pretty well against Postini. It does the document filtering better (I think). Fortinet does a really good job of updating the spam definitions. It also can use sender reputation, endpoint reputation, and Bayesian filtering, on top of traditional DNS/Definition based spam filtering.

Check it out. We switched to this from Postini about a year ago and haven't looked back.

1st Post

Just a suggestion so YMMV ... Look into the email protection services which McAfee offers ... Specifically those products that were originally part of MxLogic's offerings which McAfee acquired about a year ago .... Besides acting as both an inbound and outbound email filtering intermediary for spam, malware, & viruses, it also can provide email filters for such things as sexual content, racial slur content, and ethnic insensitive content ... Plus the added benefit of services like inbound email spooling should your email/internet link going down, prevention of illegal email relaying, and granular controls all the way down to the user level.

We really like our Barracuda Spam & Virus Firewall (we have a model 400). Inbound & Outbound filtering, AD/LDAP integration, multiple domain filtering, great support. Our Physical 400 is supporting about 400 user accounts right now, handling an average of about 30k-40k messages per day inbound, and it doesn't break a sweat. Lots of reviews of Barracuda devices here, and information about the VM version here

It mainly comes down to your personal preference (on-prem v. SaaS), but I will say the SaaS is easier-to-use and easier-to-trial. Plus, it is licensed per user (not per mailbox... no charge for aliases or distributions lists). Also, the SaaS includes a disaster recovery feature with web mail access that is very useful.

I represent SpamTitan In relation to your requirements and our product:

The key features we need are:

Pull list of valid addresses from AD via LDAP- yes
Really good anti-spam - 99.97% blocking
Really good spam quarantine/release mechanism - so easy its silly!
Granular whitelist and blacklist capability (sender IP, sender domain, email address etc.)- yes to all
Ability to inspect attachments and quarantine on keywords in document body, properties, or headers & footers- we block by attachment types and quarantine, we also have the function to block the email by specified keywords or strings which you can add to, but this would not apply to the attachment, ie if you specify the word "trout" you can specify that if this word appears in the subject, header or body or any combination the mail will white listed or blacklisted.
Ideally a Virtual Appliance vs. a physical box- we offer an VA or ISO to be deployed on your own hardware
Needs to be something with commercial levels of support - I know I can roll my own but it isn't an option- yes